IT Security & Network Security News & Reviews: Database Security Shortcomings Raise Red Flags

 
 
By Brian Prince  |  Posted 2009-10-13
 
 
 

Database Security Shortcomings Raise Red Flags

by Brian Prince

Database Security Shortcomings Raise Red Flags

Data Breaches Galore

Roughly the same percentage of people in the 2009 survey declared a data breach was either "inevitable" or "somewhat likely" as they did a year ago. However, the report also found that 9 percent had experienced a data breach over the past year—a slight increase from 2008, when it was 6 percent.

Data Breaches Galore

Database Security Priorities

The survey only found a slight change in database securitys rank next to other IT security priorities. But the drop-off here is also taking place in the context of a slowdown in security spending. Thirteen percent said their security budget decreased, as compared with 4 percent in 2008, and even though 28 percent reported a spike in their security spending, that compared with 41 percent last year.

Database Security Priorities

Secure Configurations for the Database

Some 25 percent said all their databases were securely configured, which was a drop-off of 3 percent from last year. While 40 percent said "most" of their databases were configured securely, it should also be noted that the percentage of people who said they were not sure where all their sensitive data is located jumped by 8 percent.

Secure Configurations for the Database

Securing Super Users

Even as data breaches such as the one that occurred at LendingTree underscore the dangers of the insider threat, the survey shows that many organizations have not made much progress in safeguarding against abuses by privilege users.

Securing Super Users

Users Bypassing Applications and Accessing Application Data

More than a third of users can access application data in the database using ad hoc tools.

Users Bypassing Applications and Accessing Application Data

Outsourcing and Security

There has been a slight increase in outsourcing of database administration, most likely in response to the economy. However, the percentage of unencrypted databases being sent offsite crept up as well.

Outsourcing and Security

Encryption Not Being Deployed

More than 40 percent said they do not encrypt their online and offline database backups and exports. About a third said they did some limited encryption of the data.

Encryption Not Being Deployed

Native Database Auditing Used to Monitor Database Activity

The figures here are roughly the same as in 2008. However, just 42 percent said they would be able to detect an unauthorized configuration change on most of their databases. That compares to 51 percent last year.

Native Database Auditing Used to Monitor Database Activity

Monitoring Production Databases

IOUG speculates that budget cuts and a lack of resources may account for the discrepancies between 2009 and 2008 found here.

Monitoring Production Databases

Rocket Fuel